From 1d0ba9a61f0bc30209a8eae48b863241044b6b23 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 17 Sep 2013 17:55:43 -0400 Subject: Stop sending the current time in client NETINFO handshakes. Implements part of proposal 222. --- src/or/connection_or.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/or/connection_or.c b/src/or/connection_or.c index d5dd4470e..95cb39ac8 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -2051,8 +2051,9 @@ connection_or_send_netinfo(or_connection_t *conn) memset(&cell, 0, sizeof(cell_t)); cell.command = CELL_NETINFO; - /* Timestamp. */ - set_uint32(cell.payload, htonl((uint32_t)now)); + /* Timestamp, if we're a relay. */ + if (! conn->handshake_state->started_here) + set_uint32(cell.payload, htonl((uint32_t)now)); /* Their address. */ out = cell.payload + 4; -- cgit v1.2.3 From f8b44eedf725cadb15c3a0ad1bc5a0fa1dbbc21d Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 17 Sep 2013 18:05:48 -0400 Subject: Get ready to stop sending timestamps in INTRODUCE cells For now, round down to the nearest 10 minutes. Later, eliminate entirely by setting a consensus parameter. (This rounding is safe because, in 0.2.2, where the timestamp mattered, REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.) --- src/or/config.c | 1 + src/or/or.h | 3 +++ src/or/rendclient.c | 20 +++++++++++++++++++- 3 files changed, 23 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/or/config.c b/src/or/config.c index 4e08f3c3a..18f1c2950 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -388,6 +388,7 @@ static config_var_t option_vars_[] = { V(SSLKeyLifetime, INTERVAL, "0"), OBSOLETE("StatusFetchPeriod"), V(StrictNodes, BOOL, "0"), + V(Support022HiddenServices, AUTOBOOL, "auto"), OBSOLETE("SysLog"), V(TestSocks, BOOL, "0"), OBSOLETE("TestVia"), diff --git a/src/or/or.h b/src/or/or.h index 8c6c1e363..eff5a6d2b 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4099,6 +4099,9 @@ typedef struct { /** How long (seconds) do we keep a guard before picking a new one? */ int GuardLifetime; + + /** Should we send the timestamps that pre-023 hidden services want? */ + int Support022HiddenServices; } or_options_t; /** Persistent state for an onion router, as saved to disk. */ diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 7115bf208..9d48b9ce9 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -16,6 +16,7 @@ #include "connection_edge.h" #include "directory.h" #include "main.h" +#include "networkstatus.h" #include "nodelist.h" #include "relay.h" #include "rendclient.h" @@ -127,6 +128,16 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ) return result; } +/** Return true iff we should send timestamps in our INTRODUCE1 cells */ +static int +rend_client_should_send_timestamp(void) +{ + if (get_options()->Support022HiddenServices >= 0) + return get_options()->Support022HiddenServices; + + return networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1); +} + /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell * down introcirc if possible. */ @@ -238,7 +249,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc, REND_DESC_COOKIE_LEN); v3_shift += 2+REND_DESC_COOKIE_LEN; } - set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL))); + if (rend_client_should_send_timestamp()) { + time_t now = (uint32_t)time(NULL); + now += 300; + now -= now % 600; + set_uint32(tmp+v3_shift+1, htonl(now)); + } else { + set_uint32(tmp+v3_shift+1, 0); + } v3_shift += 4; } /* if version 2 only write version number */ else if (entry->parsed->protocols & (1<<2)) { -- cgit v1.2.3 From accadd8752bb26efeb31a5c866a16cc863963893 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 18 Sep 2013 10:51:04 -0400 Subject: Remove the timestamp from AUTHENTICATE cells; replace with random bytes This isn't actually much of an issue, since only relays send AUTHENTICATE cells, but while we're removing timestamps, we might as well do this too. Part of proposal 222. I didn't take the approach in the proposal of using a time-based HMAC, since that was a bad-prng-mitigation hack from SSL3, and in real life, if you don't have a good RNG, you're hopeless as a Tor server. --- src/or/connection_or.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) (limited to 'src') diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 95cb39ac8..39a5317cf 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -2287,19 +2287,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, if (server) return V3_AUTH_FIXED_PART_LEN; // ptr-out - /* Time: 8 octets. */ - { - uint64_t now = time(NULL); - if ((time_t)now < 0) - return -1; - set_uint32(ptr, htonl((uint32_t)(now>>32))); - set_uint32(ptr+4, htonl((uint32_t)now)); - ptr += 8; - } - - /* Nonce: 16 octets. */ - crypto_rand((char*)ptr, 16); - ptr += 16; + /* 8 octets were reserved for the current time, but we're trying to get out + * of the habit of sending time around willynilly. Fortunately, nothing + * checks it. That's followed by 16 bytes of nonce. */ + crypto_rand((char*)ptr, 24); + ptr += 24; tor_assert(ptr - out == V3_AUTH_BODY_LEN); -- cgit v1.2.3 From fd2954d06d2e9b8b0d33bcd0a2e3dfb947ff662e Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 18 Sep 2013 11:09:34 -0400 Subject: Round down hidden service descriptor publication times to nearest hour Implements part of proposal 222. We can do this safely, since REND_CACHE_MAX_SKEW is 24 hours. --- src/or/rendservice.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 00bca17d4..8a4a11e47 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -593,6 +593,7 @@ rend_service_update_descriptor(rend_service_t *service) d = service->desc = tor_malloc_zero(sizeof(rend_service_descriptor_t)); d->pk = crypto_pk_dup_key(service->private_key); d->timestamp = time(NULL); + d->timestamp -= d->timestamp % 3600; /* Round down to nearest hour */ d->intro_nodes = smartlist_new(); /* Support intro protocols 2 and 3. */ d->protocols = (1 << 2) + (1 << 3); -- cgit v1.2.3